As aircraft designs become more complex, automation has become an important factor in improving safety and reliability. Automated flight control systems can respond intelligently to faults when it is impractical for a human to take control quickly. In recent years neural networks have been proposed for fault identification and accommodation purposes within flight control schemes because they are well suited to non-linear, multi-variable systems. Because neural networks learn to associate various control actions with particular input data patterns, they avoid the need to explicitly program all the relevant fault situations. A major

Keywords: risk analysis, risk modeling, component dependency graphs, software architecture, dynamic metrics

Risk assessment is an essential process of every software risk management plan. Several risk assessment techniques are based on the subjective judgement of domain experts. Subjective risk assessment techniques are human intensive and error-prone. Risk assessment should be based on product attributes that we can quantitatively measure using product metrics. This paper presents a methodology for reliability risk assessment at the early stages of the development lifecycle, namely the architecture level. We describe a heuristic risk assessment methodology that is based on dynamic

Static source code analysis and software fault injection are two popular approaches to testing and verifying the robustness of software. We chose a set of commonly-used applications: CUPS, Berkeley DB, the GNU file utilities, Apache, MySQL, sudo and zlib, and tested them with both static analysis and fault injection tools to discover errors. The results of our tests provide insight into the strengths and weaknesses of each technique. These results also suggest possibilities for improving each type of tool, as well as ways to form a synergistic combination of the two.

In this paper we present a fault-injector tool, named JAFL (Java Fault Loader), which was developed with the target of testing the fault-tolerance mechanisms of Grid and Web applications. Along with the JAFL internals description, we will present some results collected from synthetic experiments where we used both our injector and fault detection mechanisms. With these results we expect to prove that our fault injection tool can be actively used to evaluate fault detection mechanisms.

A hierarchical model for processing noisy and partial information in large-scale real-time task environments

Abstract. In this paper we introduce the Incremental Distributed Dispatcher Manager (IDDM) that is designed to handle control problems with large numbers of tasks and cooperative agents where only partial and noisy information is available. The IDDM is a modification of the DDM model that was developed to solve similar problems but in environments where accurate information is available. There were a number of challenges that had to be addressed in developing the IDDM: (1) agents must be able to process noisy information which they then use to compute a partial solution to a local task; (2) the system must be able to integrate the partial results obtained by several agents into a more accurate global solution; and (3) even though the information may be extremely noisy, solutions should be developed and integrated in real time. Our approach for handling noisy information is to first estimate which information is incorrect, and then to use only the remaining information to form partial solutions. We tested our model and algorithms in an environment of many mobile Doppler sensors and targets. Our experiments demonstrate that our agents reach a high level of task satisfaction even with a high rate of noise.

The use of COTS software components within safety-critical systems has been suggested as potentially bringing substantial benefits in terms of cost and time savings. However, the success of a COTS-based safety-critical system development depends largely upon systematic COTS selection, evaluation and integration that take into account application specific safety concerns. Due to the lack of such a systematic approach, current practices often make early decisions on the use of COTS software products without adequate consideration of safety, which makes it extremely difficult, or impossible in some cases, to certify the final COTS-based safety-critical system (i.e. inability to establish an acceptable safety case). This thesis defines and demonstrates a coherent approach to COTS selection, evaluation and integration, which works towards final system certification. Within the approach, application specific safety requirements derived for the expected COTS functionality are used as evaluation and selection criteria. Where these requirements cannot be met directly by a candidate COTS component the approach encourages the targeted

Online Adaptive Systems cannot be certified using traditional testing and proving methods, because these methods rely on assumptions that do not hold for such systems. In this paper we discuss a framework for reasoning about online adaptive systems, and see how this framework can be used to perform the verification of these systems. In addition to the framework, we present some preliminary results on concrete neural network models.

Software engineering methods can increase the dependability of software systems, and yet some faults escape even the most rigorous and methodical development process. Therefore, to guarantee high levels of reliability in the presence of faults, software systems must be designed to reduce the impact of the failures caused by such faults, for example by deploying techniques to detect and compensate for erroneous runtime conditions. In this chapter, we focus on software techniques to handle software faults, and we survey several such techniques developed in the area of fault tolerance and more recently in the area of autonomic computing. Since practically all techniques exploit some form of redundancy, we consider the impact of redundancy on the software architecture, and we propose a taxonomy centered on the nature and use of redundancy in software systems. The primary utility of this taxonomy is to classify and compare techniques to handle software faults.

Redundancy is a system property that generally refers to duplication of state information or system function. While redundancy is usually investigated in the context of fault tolerance, one can argue that it is in fact an intrinsic feature of a system that can be analyzed on its own without reference to fault tolerance. Redundancy may arise by design, generally to support fault tolerance, or as a natural byproduct of design, and is usually unexploited. In this paper, we tentatively explore observable forms of redundancy, as well as mathematical models that capture them.